Gitiles
Code Review Sign In
gerrit-dev.monogon.dev / monogon / 568c38c74f95612fc3c236539b037ebe490302ee
commit568c38c74f95612fc3c236539b037ebe490302ee[log] [tgz]
authorSerge Bazanski <serge@monogon.tech>Mon Feb 05 14:40:39 2024 +0100
committerSerge Bazanski <serge@monogon.tech>Thu Feb 08 11:10:07 2024 +0000
tree8380bdc8956c3843cce7fae9cf4c700576d22d87
parent7eeef0f448a4ec1737e2e63961f24f51eec5deae [diff]
m/c/metroctl: use TOFU CA for Kubernetes with node pinning hack

Now that we have a persisted CA certificate in metroctl, we can use it
when generating a kubeconfig to verify the cluster.

There's a catch though: the presented node certificates do not have any
'global' name (just per-node names), and we can't easily tell Kubernetes
to trust any name from a given CA. Thus, we introduce a hack to pin the
name of the node we're connecting to within the generated kubeconfig.

Change-Id: Iea6aa5c0012c793fcb42a94c3c9bf35ea5787ab1
Reviewed-on: https://review.monogon.dev/c/monogon/+/2744
Reviewed-by: Lorenz Brun <lorenz@monogon.tech>
Tested-by: Jenkins CI
4 files changed
tree: 8380bdc8956c3843cce7fae9cf4c700576d22d87
  1. .github/
  2. build/
  3. cloud/
  4. go/
  5. intellij/
  6. metropolis/
  7. net/
  8. third_party/
  9. tools/
  10. version/
  11. .bazelignore
  12. .bazelproject
  13. .bazelrc
  14. .bazelrc.sandboxroot
  15. .bazelversion
  16. .git-ignore-revs
  17. .gitignore
  18. BUILD.bazel
  19. CODING_STANDARDS.md
  20. go.mod
  21. go.sum
  22. LICENSE
  23. MODULE.bazel
  24. MODULE.bazel.lock
  25. README.md
  26. SETUP.md
  27. shell.nix
  28. WORKSPACE
README.md

Monogon Monorepo

This is the main repository containing the source code for the Monogon Platform.

This is pre-release software - take a look, and check back later!

Environment

Our build environment is self-contained and requires only minimal host dependencies:

  • A Linux machine or VM.
  • Bazelisk >= v1.15.0 (or a working Nix environment).
  • A reasonably recent kernel with user namespaces enabled.
  • Working KVM with access to /dev/kvm (if you want to run tests).

Our docs assume that Bazelisk is available as bazel on your PATH.

Refer to SETUP.md for detailed instructions.

Monogon OS

Run a single node demo cluster

Build CLI and node image:

bazel build //metropolis/cli/dbg //:launch --config dbg

Launch an ephemeral test node:

bazel test //:launch --config dbg --test_output=streamed

Run a kubectl command while the test is running:

bazel-bin/metropolis/cli/dbg/dbg_/dbg kubectl describe node

Test suite

Run full test suite:

bazel test --config dbg //...